sudo and su root are broken


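I can't seem to get sudo or my root account to work. I think it has something to do with me changing the default shell or forgetting the root password, but I kept the root password, and from the emergency shell I changed the default shell and rebuilt the SELinux labels.

Then I applied chmod 4755 /usr/bin/sudo from recovery mode, which didn't fix anything either.

Below is an illustration of the problem.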

~/scripts took 1m1s
❯ sudo reboot now
Failed to write reboot parameter file: Permission denied

~/scripts took 3s
❯ sudo ./houdini.sh
nice: cannot set niceness: Permission denied

~
❯ su root
Password:
This account is currently not available.

~/scripts took 8m35s
❯ sudo -u root ./houdini.sh

[root@fedora scripts]$ cd ..
bash: cd: ..: Permission denied
[root@fedora scripts]$ mount -o remount,rw /
mount: /: must be superuser to use mount.
       dmesg(1) may have more information after failed mount system call.


❯ grep ^root: /etc/passwd
grep: CGI: Is a directory
grep: Desktop: Is a directory
grep: dev: Is a directory
grep: Documents: Is a directory
grep: Downloads: Is a directory
grep: git: Is a directory
grep: houdini19.0: Is a directory
grep: houdini19.5: Is a directory
grep: Music: Is a directory
grep: omniverse:: Is a directory
grep: Omniverse: Is a directory
grep: output.txt: Permission denied
grep: Pictures: Is a directory
grep: Public: Is a directory
grep: scripts: Is a directory
grep: Templates: Is a directory
grep: tools: Is a directory
grep: Videos: Is a directory

❯ id root
uid=970(root) gid=0(root) groups=0(root)


❯ grep root: /etc/passwd
oot:x:0:0:root:/root:/bin/bash
operator:x:11:0:operator:/root:/sbin/nologin
root:x:970:0:Super User:/root:/usr/sbin/nologin

This is what worries me at the moment:

❯ sudo killall -u root

~
❯ sudo usermod -u 0 -o root
usermod: user root is currently used by process 100784 

(The process changes every time I re-run it.)

Answer 1

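It looks like the username of the root account has been changed to oot.

This could have been caused by a mistake while editing the /etc/passwd file without using the safeguards of vipw... but together with UID 970 as a fake root account, it looks more like your system may have been hacked: this looks like it could be the work of an intruder trying to make sure the legitimate owner cannot easily revoke the intruder's access.

See this post on Information Security StackExchange: How do I deal with a compromised server?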
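
The two anomalies the answer points out (a UID 0 entry that is not named root, and a root entry that does not have UID 0) can be checked mechanically. The following is an added example, not part of the original answer; the names audit_passwd and sample_passwd and the finding labels are hypothetical, and the sample input reuses the three entries quoted in the question plus one constructed user.

```shell
#!/bin/sh
# audit_passwd [FILE|-]: print one finding per line for a passwd-format file;
# exit status is 1 when anything was flagged. (Hypothetical helper name.)
audit_passwd() {
    awk -F: '
        BEGIN { bad = 0 }
        /^[ \t]*$/ || /^#/ { next }          # skip blank lines and comments
        NF != 7 { printf "MALFORMED line %d (%d fields)\n", NR, NF; bad = 1; next }
        {
            name = $1; uid = $3; shell = $7
            # Any UID 0 entry not named "root" is a second superuser account.
            if (uid == 0 && name != "root") {
                printf "UID0_NOT_ROOT %s (shell %s)\n", name, shell; bad = 1
            }
            # "root" must map to UID 0, or sudo and su land in an unprivileged account.
            if (name == "root") {
                seen_root = 1
                if (uid != 0) { printf "ROOT_NOT_UID0 uid=%s\n", uid; bad = 1 }
                if (shell ~ /(nologin|false)$/) {
                    printf "ROOT_NO_LOGIN_SHELL %s\n", shell; bad = 1
                }
            }
            # Two names sharing one UID are the same identity to the kernel.
            if (uid in owner) {
                printf "DUPLICATE_UID %s: %s and %s\n", uid, owner[uid], name; bad = 1
            } else {
                owner[uid] = name
            }
        }
        END {
            if (!seen_root) { print "NO_ROOT_ENTRY"; bad = 1 }
            exit bad
        }
    ' "${1:--}"
}

# The three entries quoted in the question, plus one constructed ordinary user.
sample_passwd() {
    cat <<'EOF'
oot:x:0:0:root:/root:/bin/bash
operator:x:11:0:operator:/root:/sbin/nologin
root:x:970:0:Super User:/root:/usr/sbin/nologin
alice:x:1000:1000:constructed user:/home/alice:/bin/bash
EOF
}

sample_passwd | audit_passwd - || echo "findings above: entries need review"
```

Against a real system, run it as `audit_passwd /etc/passwd`, preferably from trusted rescue media, since the tools on a suspect host may themselves have been altered.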
